SYSTEM AND METHOD FOR CREATING AND APPLYING CATEGORIZATION-BASED POLICY TO SECURE A MOBILE COMMUNICATIONS DEVICE FROM ACCESS TO CERTAIN DATA OBJECTS
First Claim
1. A method comprising:
a) at a server running an application security component, creating a plurality of categorization-based application policies;
b) storing the plurality of categorization-based application policies in data storage accessible to the server running the application security component;
c) at the server running the application security component, establishing communication with a specific mobile communication device to obtain information about the specific mobile communication device;
d) at the server running the application security component, based upon the obtained information, identifying from the plurality, a categorization-based application policy that is apt for the specific mobile communication device; and
e) at the server running the application security component, making the identified categorization-based application policy available to the specific mobile communication device.
Abstract
A server creates categorization-based application policies and selects a specific policy to send to a mobile communications device. In one embodiment, the mobile communication device applies the categorization-based application policy received from the server to information about a data object (e.g., application) that the device wants to access (or has accessed). Based on the application of the categorization-based policy, the device may be permitted to access the data object or the device may not be permitted to access the data object.
33 Claims
6. A method comprising:
a) at a mobile communication device running an application security component, receiving user input about categories of data objects that the mobile communication device is permitted to access and about categories of data objects the mobile communication device is not permitted to access;
b) at the mobile communication device, processing the user input by the application security component to create a categorization-based application policy;
c) at the mobile communication device application security component, receiving a request to access a data object and information about the data object;
d) at the mobile communication device application security component, applying the categorization-based application policy to the information about the data object;
e) when the mobile communication device application security component determines that the data object is permitted, permitting the mobile communication device to access the data object; and
f) when the mobile communication device application security component determines that the data object is not permitted, not permitting the mobile communication device to access the data object.
11. A method comprising:
a) at a server running an application security component, receiving administrator input about categories of data objects that mobile communication devices are permitted to access and about categories of data objects that mobile communication devices are not permitted to access;
b) at the server running an application security component, processing the administrator input to create a plurality of categorization-based application policies;
c) storing the plurality of categorization-based application policies in data storage accessible to the server running the application security component;
d) at the server running the application security component, establishing communication with a specific mobile communication device to obtain information about the specific mobile communication device;
e) at the server running the application security component, based upon the obtained information, identifying from the plurality, a categorization-based application policy that is apt for the specific mobile communication device; and
f) at the server running the application security component, making the identified categorization-based application policy available to the specific mobile communication device.
15. A method comprising:
a) at a mobile communication device running an application security component, receiving a request to access a data object and information about the data object;
b) at the mobile communication device, in response to the request, sending the information about the data object and information about the mobile communication device to a server;
c) at the mobile communication device, receiving notification from the server that the mobile communication device is permitted to access the data object when the server determines that the mobile communication device is permitted to access the data object, the determination based on;
  a. an identified categorization-based application policy, the identified policy identified from a plurality of categorization-based application policies based upon the information about the mobile communication device, the plurality of categorization-based application policies created from processing administrator input about categories of data objects that mobile communication devices are permitted to access and about categories of data objects that mobile communication devices are not permitted to access, and
  b. the information about the data object; and
d) at the mobile communication device, receiving notification from the server that the mobile communication device is not permitted to access the data object when the server determines that the mobile communication device is not permitted to access the data object, the determination based on;
  a. an identified categorization-based application policy, the identified policy identified from a plurality of categorization-based application policies based upon the information about the mobile communication device, the plurality of categorization-based application policies created from processing administrator input about categories of data objects that mobile communication devices are permitted to access and about categories of data objects that mobile communication devices are not permitted to access, and
  b. the information about the data object.
20. A method comprising:
a) at a server running an application security component, processing;
  categorization data about data objects available for access by mobile communication devices;
  mobile communication device data about types of mobile communication devices; and
  data about mobile communication device operating systems,
  to create a plurality of categorization-based application policies;
b) storing the plurality of categorization-based application policies in data storage accessible to the server running the application security component;
c) establishing communication between the server running the application security component and the specific mobile communication device;
d) at the server running the application security component, obtaining information about the specific mobile communication device including the mobile communication device type and operating system;
e) at the server running the application security component, obtaining information from the specific mobile communication device about a data object;
f) at the server running the application security component, based upon the obtained information about the specific mobile communication device, identifying from the plurality, a categorization-based application policy that is apt for the specific mobile communication device;
g) at the server running the application security component, applying the identified categorization-based application policy to the obtained information about the data object;
h) when the server running the application security component determines that the specific mobile communication device is permitted to access the data object, the server running the application security component notifies the specific mobile communication device that it is permitted to access the data object; and
i) when the server running the application security component determines that the specific mobile communication device is not permitted to access the data object, the server running the application security component notifies the specific mobile communication device that it is not permitted to access the data object.
24. A system, comprising at least one processor and memory and instructions that when executed cause the at least one processor to:
a) create a plurality of categorization-based application policies;
b) store the plurality of categorization-based application policies in data storage;
c) establish communication with a specific mobile communication device to obtain information about the specific mobile communication device;
d) based upon the obtained information, identify from the plurality, a categorization-based application policy that is apt for the specific mobile communication device; and
e) make the identified categorization-based application policy available to the specific mobile communication device.
26. A method comprising:
a) at a server running an application security component, receiving administrator input about access security policies for mobile communication devices;
b) at the server running an application security component, storing a plurality of access security policies in data storage accessible to the server running an application security component, the plurality of access security policies stored based on the administrator input;
c) at the server running an application security component, receiving from a specific mobile communication device a request for access to a data object, the request comprising information about the data object and about the specific mobile communication device;
d) at the server running an application security component, based on the received information, identifying from the plurality an application access security policy that is apt for the mobile communication device;
e) at the server running an application security component, applying the identified application access security policy to the data object based on the information received about the data object;
f) when the server running the application security component determines that the specific mobile communication device is permitted to access the data object, the server running the application security component notifies the specific mobile communication device that it is permitted to access the data object; and
g) when the server running the application security component determines that the specific mobile communication device is not permitted to access the data object, the server running the application security component notifies the specific mobile communication device that it is not permitted to access the data object.
31. A method comprising:
a) at a mobile communication device running an application security component, receiving a request to access a data object and information about the data object;
b) at the mobile communication device, in response to the request, sending the information about the data object and information about the mobile communication device to a server;
c) at the mobile communication device, receiving notification from the server that the mobile communication device is permitted to access the data object when the server determines that the mobile communication device is permitted to access the data object, the determination based on;
  a. administrator input about access security policies for mobile communication devices,
  b. the information about the data object, and
  c. the information about the mobile communication device; and
d) at the mobile communication device, receiving notification from the server that the mobile communication device is not permitted to access the data object when the server determines that the mobile communication device is not permitted to access the data object, the determination based on;
  a. administrator input about access security policies for mobile communication devices,
  b. the information about the data object, and
  c. the information about the mobile communication device.
Specification